This document explains how to hide users when you do not want them to
appear in the corporate directory. These users can be CTI users, Attendant
Console, Cisco Emergency Responder, Cisco Conference Connection, and so forth.
The CCMSysUser, CCMAdministrator, and PMASysUser users are already hidden by
default.

The information in this document is based on Cisco CallManager 4.x and
later.

The information in this document was created from the devices in a
specific lab environment. All of the devices used in this document started with
a cleared (default) configuration. If your network is live, make sure that you
understand the potential impact of any command.

Use Microsoft Active Directory Service Interfaces (ADSIEdit), available
as a part of the Windows 2000 Support Tools, or any other LDAP tool, in order
to update the Description field. Add the string
CiscoPrivateUser to the
Description field of the user. If the tool is not available, use this output:

Copy these five lines (note the '-' after the first four lines). In
Active Directory 2003, this is required and has changed from Active Directory
2002 into a text file. Replace [userid] with the
userid of the user that you need to hide. Replace
[domain] with your domain. Save this file on the
Active Directory server as hideuser.ldif.

Since LDAP integration architecture changed much between Cisco
CallManager 4.x and Cisco CallManager 5.x, complete these steps in order to
hide a user in Cisco CallManager 5.x.

Note: In Cisco Unified Communications Manager 5.x and later, you cannot set
the Description to CiscoPrivateUser in order to
hide the users. It is not supported.

If your Cisco Unified Communication Manager is Linux based, use these
workarounds:

The application users do not appear in the corporate directory from
the IP Phones. So, for users that you do not want to show up in the Corporate
directory, make them as application users. After this, you can delete them from
Active Directory or DC directory, if you upgrade to a Linux based Cisco Unified
Communication Manager from Cisco CallManager 4.x

If you do not want to delete users in the Active Directory or DC
Directory, you can also associate the users you want to hide with a different
Organizational Unit so that Cisco Unified Communication Manager does not have
to deal with them. Then, create new supplementary application users.

If your Cisco Unified Communication Manager is Windows based, use these
workarounds:

Cisco Unified Communication Manager does not sync users without the
LastName attribute in the Active Directory or DC Directory. So you can remove
the last name of the user that you want to hide from the Active directory or DC
Directory.

You can configure access control lists on the Active Directory side
in order to prevent the distinguished name to appear in the corporate
directory.

You can add some special character, such as "[", to the First name or
Last name attribute, and re-sync the LDAP. Those users will not appear in the
corporate directory.